System Administrator Resume Profile
Chief Information Security Officer
- IT Security Solution Provider | Enterprise Strategic Development | Motivational Team Leader
- Astute, results-oriented leader with proven success in strategic development, business communications, IT security operations and risk management. Exceptional ability to balance technical and business requirements paired with superior people skills, resulting in effectively managing projects, meeting deadlines and consistently concluding on business results. Critical thinker and solutions provider who can apply extensive knowledge of industry standards (CoBIT, PCI, SOX, COSO, NIST) as a certified risk professional, information security manager and ISO 27001 framework implementer. Expert direction in IT resources, technology and incident response management. Successful coordination of audit and compliance programs resulting in reduced organizational risk within business tolerance levels. Expertise in:
| IT Security Operations | Disaster Recovery | Identity and Access Management |
| IT Auditing | Problem Resolution Expert | Policy Standards Management |
| Security and Compliance Management | Risk Management Professional | Project Management |
| IT Process Improvement | ISO 27000 Standard | Information Security Governance |
Career Accomplishments
Security Solutions Provider
- Led successful projects in providing security assessments on endpoint security, web security, data leakage prevention, integrity controls, regulatory retention controls, access governance, and LAN auditing reviews with a coordinated and successful implementation of new security solutions.
- Devised tactical and operational plans for monitoring, auditing and reporting on various high-risk systems.
- Introduced the vulnerability management program that addressed the organization's concerns related to continual industry threats by inducing proactive operations.
Strategic Planning Forecasting
- Innovator and visionary of identifying New York City Employees Retirement Systems information security program gaps and security risks with industry standard solutions seamlessly integrated into business processes to mitigate risks.
- Proposed and identified a business case to align policies and standards with agency procedures to maintain a visible security awareness program and compliance controls.
- Consolidated redundant technologies resulting in company savings of more than 30,000.
Value Delivery
- Ensured the Total Cost of Ownership is defined for any new technological security solution to maintain budgetary constraints in addition to demonstrating Return On Investment.
- Maintain the value of existing security solutions and processes by performing regular reviews and assessments to forecast the agency's future security requirements that map to industry trends.
- Developed metrics to identify key performance indicators, key risk indicators and key goal indicators.
Leadership Communication
- Proven leadership skills in project management and communications under stringent timelines ensuring project completion from inception to implementation.
- Security Awareness communications developer initiating intranet and other educational solutions to improve user community security awareness.
- Key mediator and advisor in resolving inter-departmental issues and providing recommendations to rectify differences in operational and strategic approach.
Professional Experience
Chief Information Security Officer
Confidential
- Implemented a web security solution for the agency's internal internet presence to prevent malicious internet software and undesirable websites from the agency network user community.
- Created and maintained NYCERS Data Leakage Prevention program to ensure the agency's confidential information does not leave the agency network without prior authorization.
- Monitored endpoints or workstations for unauthorized transfers of confidential data to removable media and created incident reports for investigations.
- Coordinated all technical investigations on events, incident responses and proactive trends based on consistent data analysis and forensics.
- Designed and implemented an audit and compliance program for Windows Active Directory to ensure internal configuration management procedures are enforced and authorized before changes are implemented.
- Project Lead for Security Architecture for Active Directory and network infrastructure to certify all security controls are considered throughout any design requirements and implementation.
- Created, standardized and enforced the agency's Vulnerability Management program to maintain consistent and timely remediation updates to systems and software components including operating systems.
- Enforced and promoted the agency's Data Classification Standards and promoted best practice encryption controls seamlessly across the enterprise.
- Promoted and developed an Information Security Management System based on ISO 27001 standards.
- Managed and structured the log management and reporting solution for all critical system logging events.
- Coordinated and enforced all access control to systems including mainframe access to ensure authorization is granted and procedures are maintained and enforced.
- Promoted and architected the agency Enterprise Risk Management program (ERM) solution to mitigate risk across the agency IT systems and business operations.
Information Security Manager
Confidential
- Provided project lead and direction for all information security projects to successful completion within aggressive timeframes.
- Responsible for the timely delivery of provisioning and de-provisioning staff in all agency systems by directing staff on effective communications with the end users.
- Maintained operational compliance requirements for the IT/Server, Helpdesk and Network teams to ensure standards are adhered to.
- Direct report to Executive Management on information security initiatives and project status to ensure alignment with organizational objectives and to remediate identified risks to the business.
- Wrote, revised and edited agency policies, procedures and standards when change management or risk has been identified in the agency.
- Architected the Information Security Management Program (ISMP) based on ISO 27002 and citywide policy requirements as a perpetual and annual revision process.
- Advised and consulted Executive Management on process improvements on the agency infrastructure to further reduce residual risk.
Senior Information Security Analyst
Confidential
- Vulnerability assessment and remediation, incident response, forensic development and log management review assures the Information Security continual practice of best industry standards.
- Responsible for enforcement controls of the IT/Information Security unit and IT auditing procedures.
- Reviewed and recommended business continuity risk assessment strategy for the agency.
- Successfully recommended auditing technologies to mitigate internal and external threats due to configuration changes and errors.
- Created policies for content filtering controls to ensure the confidentiality of member information.
- Proposed a security information program that encompasses all internal security technologies to conclude on the agency's security objectives.
- A dynamic team leader with proven success in mentoring and motivational skill sets.
- Formulate the organization's engagement strategy with the new ISO 27001 standard and the ITIL v.3 objectives.
- Increase security implementations by providing an Assurance process to certify any security mitigation controls within the agency.
- Audit internal access controls on the mainframe and Active Directory utilizing Scriptlogic auditing tools to ascertain privileged level access revisions.
- Assign/revoke physical access control proximity cards to employees upon new hire and terminations.
- Audit IT/Server Unit operational procedures to ensure security best practices are enforced from start of task/project to completion.
- Revised the agency's Policies and Procedures and made recommendations to align the business objectives with the latest security policies and to propose and implement best industry standard practices (ISO 17799).
System Administrator/Chief Security Officer
Confidential
- Proposed and demonstrated Hot/Warm/Cold sites for remote office backup to enable Business Continuity for the organization.
- Primarily responsible for all information tape backups and off-site storage procedures and implementations.
- Responded successfully to all Virus/Trojan/Malware attacks by inside/outside intrusions.
- Secured user access to specific information assets resulting in the least privilege principle.
- Manage, maintain, and support all data and voice infrastructure for 7 branch office locations in the Tri-State area.
- Utilized Orion Monitoring tool for auditing and monitoring infrastructure devices on the network.
- Stabilized the consistent downtime, via the WAN, to the organization by implementing a fiber WAN infrastructure at the Central Office (CO).
- Reviewed all single points of failures pertaining to business continuity and created contingency plans to enable 99.999 uptime.
- Maintained access control methodologies and proposed a password policy for the East/West coast organization.
- Secured the network infrastructure perimeter devices with various access control methodologies and practices.
- Performed an audit of system access and relayed proposed solutions to harden information system access.
- Proposed an escalation policy and procedure for the Helpdesk staff to adhere.
- Performed Due Diligence of Disaster Recovery plans for changes, and proposed recommendations for business continuity.
- Demonstrated expertise in securing a corporate environment including Access Control, Physical Security, Telecommunications/Network Security, Cryptography practices incorporating the core tenet of security - Confidentiality, Integrity, and Availability.
- Ensured HIPAA compliancy as the Chief Security Officer of the organization.
- Enact trouble ticket with the organization's ISP regarding Data Communications WAN related issues and document and record proceedings according to organizational policies.
- Recommended Business Continuity strategies for the East coast organization.
- Reviewed and recommended new PI (Private Information) processes for the organization pertaining to the IT Department and its involvement in JCAHO surveys.
